AnyConnect: ‘Quick and Dirty’ Duo 2FA
Sep01

AnyConnect: ‘Quick and Dirty’ Duo 2FA

Posted By on Sep 1, 2020

KB ID 0001701 Problem Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article; AnyConnect: Enable Duo 2Factor Authentication However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to do that, you can just point the firewall directly at Duo’. I was initially skeptical but I tried...

Read More
AnyConnect: Unauthorized Connection Mechanism
Aug27

AnyConnect: Unauthorized Connection Mechanism

Posted By on Aug 27, 2020

KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on? The reason why...

Read More
AnyConnect: Allow ‘Local’ LAN Access
Jul22

AnyConnect: Allow ‘Local’ LAN Access

Posted By on Jul 22, 2020

KB ID 0001689 Problem Note: This WONT WORK if you ‘force-tunnel’ or ‘tunnel-all’ remote VPN traffic, (if you are unsure Google ‘what’s my ip’ > Take note of it > Connect to AnyConnect and repeat the procedure, if your public IP address has changed to the IP address of the ASA then you force-tunnel/tunnel-all traffic). With more people remote working now, I’m getting a lot more...

Read More
Cisco FTD (and ASA) Creating AnyConnect Profiles
Jul07

Cisco FTD (and ASA) Creating AnyConnect Profiles

Posted By on Jul 7, 2020

KB ID 0001685 Problem A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD, there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!) But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor. Solution Firstly you need to...

Read More
Cisco ASA VPN Static to Dynamic IP (DHCP)
Jul01

Cisco ASA VPN Static to Dynamic IP (DHCP)

Posted By on Jul 1, 2020

KB ID 0001683 Problem I had a call with a client last week, they are in one of my employer’s DCs, and their servers are behind a vASA. They had purchased some Meraki MX devices for their IT team who were working remotely (during the Covid-19 lockdown), and were struggling. Normally we would just suggest AnyConnect, but these guys were building new machines for  their clients, and needed access directly to the domain from their...

Read More
Cisco FTD Deploy AnyConnect (from FDM)
Jun26

Cisco FTD Deploy AnyConnect (from FDM)

Posted By on Jun 26, 2020

KB ID 0001682 Problem In this article I will focus on ‘Remote Access’ VPN, which for Cisco FTD means using the AnyConnect client. Ive spent years deploying this solution for ASA so it’s a product I know well. As with all things Cisco, there are a couple of things that could trip you up. Let’s get them out of the way first. If you are used to AnyConnect then you probably have the client software. It’s the...

Read More